[libvirt-users] converting save/dump output into physical memory image
by Andrew Tappert
A lot of people in the security community, myself included, are
interested in memory forensics these days. Virtualization is a natural
fit with memory forensics because it allows one to get access to a
guest's memory without having to introduce any extra software into the
guest or otherwise interfere with it. Incident responders are
particularly interested in getting memory dumps from systems they're
investigating.
Virsh has "save" and "dump" commands for storing the state of a guest to
a file on disk, but memory of KVM guests doesn't get saved in the
"standard" input format for memory forensics tools, which is a raw
physical memory image. (This is what you'd get via the classical "dd
/dev/mem" approach or the contemporary equivalent using the crash
driver; and VMware Server and Workstation produce .vmem files, which are
such raw physical memory images, when a guest is paused or snapshotted.)
In order to analyze the memory of Libvirt/KVM guests with my Linux
memory forensics software, Second Look, I've created a tool for
converting Libvirt-QEMU-save files (output of virsh save command) or
QEMU-savevm files (output of virsh dump command) to raw physical memory
images.
I've got a basic working capability, though I'm still tracking down some
problems with a guest allocated 8GB RAM--not all the memory seems to be
present in the save or dump file. And I haven't tested very extensively
yet, version support is limited to what I myself am currently running, etc.
I'd like to know if this is a capability that others are interested in.
Is this something that would be of interest to the Libvirt project if I
were to contribute the code, or to the KVM project, or do you think it
best exists as a separate project?
I've also got a proof-of-concept tool for converting hibernate images to
raw physical memory images. Perhaps a collection of tools for
converting various memory dump formats would be a good project. Anyone
else interested in this kind of stuff? As an author of commercial
memory forensics software I've got a vested interest in availability of
good memory acquisition capabilities. But there are a number of people
working on FOSS Linux memory analysis tools, too...
Andrew
12 years, 7 months
[libvirt-users] Compatibility with Parallels Virtouzo
by Andreas Mauf
Hi,
will libvirt work with the commercial parallels virtuozzo, too? Cause
the linux version of virtuozzo is based on openvz, which ist supported
by libvirt.
Does someone have some experencies with that?
Thanks for any feedback,
Andreas
--
SysEleven GmbH
Rosenthaler Str. 34/35
10178 Berlin
Firmensitz: Berlin
Registergericht: AG Berlin Charlottenburg, HRB 108571 B
Geschäftsführer: Marc Korthaus
13 years, 5 months
Re: [libvirt-users] [Qemu-devel] Qcow2
by Stefan Hajnoczi
On Wed, May 18, 2011 at 5:18 PM, <arun.sasi1(a)wipro.com> wrote:
> Hello Stefan,
>
>
>
> Thank you very much for considering my issue...
>
>
>
> Here is My problem...
>
>
>
> 1) I have 4 VM`s Running on Base server.
>
> 2) Base server is having 15GB RAM.
>
> 3) I can start all VM`s apart from my file server.
>
> 4) File server is having OS image and 1.2TB QCOW2 Image.
>
> 5) When I remove 1.2TB from xml file (vdb.img) I can start my server but
> Data partition is null becase I have not added 1.2TB in XML.
>
> 6) Command I am using virsh start <Domain>
>
> 7) Even through virt-manager also I am not able to start the VM. Attached is
> the error message
Unfortunately the message gives no details:
"libvirtError: internal error unable to start guest:"
> 8) Keep on trying adding and removing and defining the XML after 2 Hrs I am
> able to start.
What did you change that made it work?
> 9) Operating system Ubuntu 9.04
>
> 10) I have 3 location file server having the same issue… even all file
> servers are same configuration…
Libvirt keeps log files for each VM under
/var/log/libvirt/qemu/<domain>.log. You might find more detailed
error information in that file and it will at least contain the
qemu-kvm command-line used to launch the domain. Please take a look
at that file and post the lines surrounding the error, especially the
"starting up" log line.
Have you verified that the .qcow2 image file is accessible, ownership
and permissions should be the same as the image files of your other
domains.
Stefan
> -----Original Message-----
> From: Stefan Hajnoczi [mailto:stefanha@linux.vnet.ibm.com]
> Sent: Wednesday, May 18, 2011 9:28 PM
> To: Arun Sasi V (WI01 - Manage IT)
> Subject: Re: Qcow2
>
>
>
> On Wed, May 18, 2011 at 07:30:05PM +0530, arun.sasi1(a)wipro.com wrote:
>
>> The Guest VM which is larger example 1.2TB is not starting after the
>
>> base server reboot... Pleae help what needs to be do in this situation.
>
>
>
> You have not provided information on what is happening. Are you getting
>
> an error message during boot from the 1.2TB guest? Is the 1.2TB guest
>
> even being autostarted (use "virsh autostart <domain>" to enable
>
> autostart on a domain)?
>
>
>
> Please send support questions like this to qemu-devel(a)nongnu.org in the
>
> future. That way other people in the QEMU community can help too.
>
>
>
> Stefan
>
> Please do not print this email unless it is absolutely necessary.
>
> The information contained in this electronic message and any attachments to
> this message are intended for the exclusive use of the addressee(s) and may
> contain proprietary, confidential or privileged information. If you are not
> the intended recipient, you should not disseminate, distribute or copy this
> e-mail. Please notify the sender immediately and destroy all copies of this
> message and any attachments.
>
> WARNING: Computer viruses can be transmitted via email. The recipient should
> check this email and any attachments for the presence of viruses. The
> company accepts no liability for any damage caused by any virus transmitted
> by this email.
>
> www.wipro.com
13 years, 6 months
[libvirt-users] unable to migrate guests
by PREETHI RAMESH
I'm new to libvirt and I'm facing a problem while migrating the guest
domain.
Both guest and host are of the same config(checked it with uname -a)
Migrating using virsh, I get:
virsh # migrate hda2 --desturi qemu+ssh://root@10.129.54.254/system
root(a)10.129.54.254's password:
error: operation failed: migration to 'tcp:kvm-lab:49168' failed: migration
failed.
The details of the problem are shown by the Virtual machine manger are:
Unable to migrate guest: operation failed: migration to 'tcp:kvm-lab:49165'
failed: migration failed
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 45, in
cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/migrate.py", line 523, in
_async_migrate
vm.migrate(dstconn, migrate_uri, rate, live, secure, meter=meter)
File "/usr/share/virt-manager/virtManager/domain.py", line 1141, in
migrate
self._backend.migrate(destconn.vmm, flags, newname, interface, rate)
File "/usr/lib/python2.7/dist-packages/libvirt.py", line 521, in migrate
if ret is None:raise libvirtError('virDomainMigrate() failed', dom=self)
libvirtError: operation failed: migration to 'tcp:kvm-lab:49165' failed:
migration failed
I've tried disabling apparmor and then migrating by-
pre@pre-Inspiron-N4010:~$ sudo invoke-rc.d apparmor kill
.: 35: Can't open /lib/apparmor/functions
invoke-rc.d: initscript apparmor, action "kill" failed.
and
stopping iptables-
pre@pre-Inspiron-N4010:~$ sudo /etc/init.d/iptables stop
[sudo] password for pre:
sudo: /etc/init.d/iptables: command not found
Thank you.
13 years, 7 months
[libvirt-users] no virtio in virt-manager
by Konstantin Svist
Hi,
For some reason, I don't have virtio as an option in virt-manager on one
of my computers.
I'm using Fedora 14 with virt-preview repo, x64 architecture.
It must be some package that I missed, does anyone know what it might be?
Thanks
13 years, 7 months
[libvirt-users] Forward routed network bridge on system's vlan
by RaSca
Hi all,
I created a two node cluster that manages virtual machines with two
servers connected via a cross cable on the network 10.0.0.0/24. I want
that machines that runs on different servers in the network
172.16.0.0/24 can see all the others.
To make this possible I've configured a vlan on each server:
...
...
5: eth1.111@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP
link/ether 5c:d9:98:b1:4c:4d brd ff:ff:ff:ff:ff:ff
inet 172.16.0.0/24 brd 172.16.0.255 scope global eth1.111
inet6 fe80::5ed9:98ff:feb1:4c4d/64 scope link
valid_lft forever preferred_lft forever
...
...
And created a "lan" network, via virsh:
<network>
<name>lan</name>
<uuid>8ac034c8-553d-b995-5a80-c1c711cb088c</uuid>
<forward dev='eth1.111' mode='route'/>
<bridge name='virbr1' stp='on' delay='0' />
<ip address='172.16.0.2' netmask='255.255.255.0'>
</ip>
</network>
but with this setup "lan" never comes up because, for some reason, the
network is locked:
# virsh net-start lan
error: Failed to start network lan
error: internal error Network 172.16.0.1/255.255.255.0 is already in use
by interface eth1.111
What is not clear to me is why, if I turn down the eth1.111 device,
start the lan network, turn eth1.111 up and then force the brctl addif
command, everything works:
# ifdown eth1.111
Removed VLAN -:eth1.111:-
# virsh net-start lan
Network lan started
# ifup eth1.111
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 111 to IF -:eth1:-
# brctl addif virbr1 eth1.111
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.6c626dd7518e no eth0
virbr0 8000.000000000000 yes
virbr1 8000.5cd998b14c4d yes eth1.111
Why manually is possible to make things work? What am I ignoring?
Thanks a lot,
--
RaSca
Mia Mamma Usa Linux: Niente è impossibile da capire, se lo spieghi bene!
rasca(a)miamammausalinux.org
http://www.miamammausalinux.org
13 years, 7 months
[libvirt-users] libvirt boots from Knoppix-CD but not Debian-CD
by Christian Brandt
Debian Squeeze, libvirt 0.8.3, qemu-kvm 0.15.5
After configuring the cd image the bios screen shows:
(tested with virsh, virt-install and virt-manager)
Starting SeaBIOS (version 0.5.1-20110523_174945-brahms)
Booting from CD-Rom
65MB medium found (bzw. whatever size)
Boot failed: Could not read from CDROM (code 000c)
...
the cd images (debian6-cd1, debian6-netinst, debian6-buisnesscard) have
the correct md5sum an can be mounted, they simply do not boot. On the
other hand, a recent knoppix ISO works well. Tested countless times. All
access rights are 777.
Only special feature: the host is a minimal installation done with
debootstrap and contains not much else than libvirt, virt-manager and
lxterminal.
I am out of wit. Any ideas?
--
Christian Brandt
life is short and in most cases it ends with death
but my tombstone will carry the hiscore
13 years, 7 months
[libvirt-users] kvm.h not found
by --[ UxBoD ]--
Hello all,
Am attempting to compile the latest version of libvirt against a custom kernel 2.6.32.40 under CentOS 5.6 and see this in the configure output:
checking linux/kvm.h usability... no
checking linux/kvm.h presence... no
checking for linux/kvm.h... no
I have tried to change where it is looking using:
CPPFLAGS="-I /home/compuser/linux-2.6.32.40/include" ./configure
but end up with the same result. What am I doing wrong ?
--
Thanks, Phil
13 years, 7 months
[libvirt-users] polkit error when starting virt-manager on fedora14
by Alex
Hi,
I have the following error in syslog when starting virt-manager and
trying to connect:
May 25 16:39:33 sage libvirtd: 16:39:33.525: error :
remoteDispatchAuthPolkit:3846 : Policy kit denied action
org.libvirt.unix.manage from pid 27509, uid 500, result: 512
I can manually start the kvm guest using virsh, but why can't
virt-manager start them?
This is on fedora14 x86_64:
# rpm -qva|egrep 'virt|polkit|qemu'
polkit-qt-0.99.0-2.fc14.x86_64
qemu-img-0.13.0-1.fc14.x86_64
python-virtkey-0.50-8.fc14.x86_64
qemu-kvm-0.13.0-1.fc14.x86_64
polkit-0.98-5.fc14.x86_64
polkit-gnome-0.97-4.fc14.x86_64
libvirt-python-0.8.3-9.fc14.x86_64
virt-viewer-0.2.1-1.fc13.x86_64
gpxe-roms-qemu-1.0.1-3.fc14.noarch
virt-top-1.0.4-3.fc13.x86_64
libvirt-client-0.8.3-9.fc14.x86_64
virtuoso-opensource-6.1.2-1.fc14.x86_64
qemu-common-0.13.0-1.fc14.x86_64
polkit-desktop-policy-0.98-5.fc14.noarch
redland-virtuoso-1.0.12-1.fc14.x86_64
python-virtinst-0.500.6-1.fc14.noarch
libvirt-0.8.3-9.fc14.x86_64
qemu-system-x86-0.13.0-1.fc14.x86_64
virt-manager-0.8.7-2.fc14.noarch
Please let me know what other information I can provide to fix this
problem. I haven't rebooted yet, but I suspect at least that would fix
it?
Thanks,
Alex
13 years, 7 months
[libvirt-users] Failed to connect to Xen 4.1 using virsh
by YAO
Hi,
I installed xen 4.1 and libvirt 0.9.1 on ubuntu 10.04 x86
when I tried "*virsh -c xen:/// list*", the terminal give me error:
*error: unable to connect to '/var/run/libvirt/libvirt-sock', libvirtd may
need to be started: No such file or directory*
*error: failed to connect to the hypervisor*
But when I tried "*sudo virsh -c xen:/// list*", there's different error:
*error: unable to connect to 'localhost:8000': Connection refused*
*error: failed to connect to the hypervisor*
That really confused me.
Do I need to start libvirtd like "*sudo libvirtd*"? cause "*virsh -c
test:///default list*" is OK without it.
I have started xencommons and xend, so I really don't know what I missed...
Thanks,
Yao
13 years, 7 months